Could future updates ever potentially be blocked (or damage) A9LH systems?

Discussion in '3DS - Flashcards & Custom Firmwares' started by apoptygma, Jun 30, 2016.

  1. apoptygma (OP)
    I understand that A9LH is initialized prior to the operating system being loaded and hence any updates are performed in the modified environment, however I can imagine that if Nintendo wanted to search storage and/or memory for elements of the exploit and simply prevent the system updating or introduce elements in their update that clobber required A9LH resources they could do so fairly easily. This would of course be circumvented with updated modules for CFW or A9LH but there's nothing I understand about A9LH which makes it 'future proof' (without constant updates from the authors) should Nintendo wish to engage in a game of cat and mouse with hackers.
     


  2. sweis12
    They could mess with hackers. It would not be hard to tell. (SD files, the fact it uses the 8.1 FIRM, unofficial title IDs, out-of-region games, etc.)
    Will they? Probably not.
     
  3. apoptygma (OP)
    My understanding is obviously somewhat crude, but I wonder if there's any method they could employ to actually damage the A9LH installation itself. I would think that the system update process has permission to write to the same location on the NAND as the initial payload, right? So couldn't they just 'reserve' that with dummy data and essentially brick all A9LH systems which are updated (essentially forcing A9LH users to manually execute a customized update instead of just being able to use the standard OTA process)?
     
  4. Dorimori
    You can restore a brick with A9LH, and Nintendo isn't going to brick a chunk of users.
     
  5. apoptygma (OP)
    I understand you can restore a bricked OS but you can't restore anything if the A9LH payload itself is overwritten correct?
     
  6. Dorimori
    The payload (arm9loaderhax.bin) can be replaced. I assume you meant A9LH itself. Luma3DS and some other CFWs block this.
     
  7. hundshamer
    This message by hundshamer has been removed from public view by raulpica, Jun 30, 2016, Reason: Wrong thread -rp.
  8. yifan_lu
    You highly underestimate the skills of hackers if you think Nintendo can slip by a cfw uninstaller.
     
  9. vb_encryption_vb
    Think you put this in the wrong thread?
     
    Last edited by vb_encryption_vb, Jun 30, 2016
  10. hundshamer
    Yes. Please remove the quote. It was meant for a private conversation.

    EDIT: Thank you.
     
    Last edited by hundshamer, Jun 30, 2016
  11. apoptygma (OP)
    I meant more that there's nothing inherently protected about the storage and memory used by any given CFW or system modifications. It sounds as though there's some level of self-preservation in (as the example provided earlier) Luma3DS, in that it prevents arm9loaderhax.bin being overwritten; this, however, is the binary which A9LH itself calls, and likewise it would call Decrypt9 or any other binary if instructed to do so. I was referring to the underlying NAND inject that calls these binaries: that allocation, is it protected by A9LH itself? If so, then it would theoretically be possible for Nintendo to perform checks against the ability to overwrite it and, if it (the OTA update) were not able to do so, abort. I'm not saying they can ever stop a user running A9LH from updating system files out of band through some other means; I'm just asking if they could deliberately break OTA for A9LH users and if that could (deliberately or otherwise) destroy the hack itself.
     
  12. Lilith Valentine
    They could replace your arm9loaderhax.bin, but legally cannot create an executable file without asking your permission first. And of course, the second they were to do that, word would spread and people would just delete the file from their SD card.
    The only way Nintendo could remove it would be for them to physically go to your house and remove it by force. Otherwise, they can't do shit.
    BTW, the update to 11 proved that Nintendo has been cornered. Their best bet now is just move on.
     
    Last edited by Lilith Valentine, Jun 30, 2016
  13. CreeperdivoHomebrewer
    Probably not. I wouldn't think of Nintendo getting access to your storage online unless you were on an FTP server.
     
  14. The Real Jdbye
    They could theoretically overwrite the stage2 payload, I don't think Luma blocks that.
     
  15. phalk
    If they do introduce brick code they would probably end up messing up and bricking legitimate users, while A9LH users can just restore a backup because of the early boot control of the system.

    So, in theory, yes, they can, but due to the nature of A9LH it can easily be reversed because of the FIRM protection CFW imposes early at boot. There's nothing Nintendo can do with this, really.
     
  16. apoptygma (OP)
    Perhaps I'm further exacerbating my lack of understanding on this matter, but you're talking about replacing arm9loaderhax.bin; I'm talking about replacing the code which calls that binary, the code which installing A9LH inserts into the NAND memory. Also, legality has nothing to do with this at all. All the files on the system are created and executed by Nintendo, and they require no 'law' to do so.
     
  17. Lilith Valentine
    That would require them to modify files that they can't gain access to without accessing your hardware. They can't update the FIRM0/1 because it's being protected and the only way around that would be either new hardware or they go to your house and remove it.
     
  18. apoptygma (OP)
    I think what I'm trying to address is that A9LH works by modifying NAND sector 0x96; could Nintendo not correct that data in an OTA update? As I said, I'm not fully aware of how this works, and I'm sure someone with less understanding than yifanlu would be able to explain. I'm not clear why you say FIRM0/1 can't be written; isn't that what A9LH rewrites?
     
  19. EmperorOfCanada
    If **I** understand correctly, a9lh boots very early in the boot process and loads LUMA, which protects itself by marking the a9lh area as read-only?
     
  20. Lilith Valentine
    Technically, if you were running a CFW without those protections turned on, it would remove A9LH. But with current CFW setups, they protect A9LH from being removed through updates.
    A9LH does rewrite the FIRM0/1, which means if it's not protected an update could remove your current install.
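    A small model of the write protection the last few posts describe, added here as an illustration; it is not Luma3DS's code or any other CFW's. It treats NAND sector 0x96 (where A9LH lives) and the FIRM0/FIRM1 partitions as protected regions and drops any write from the running OS that overlaps them, which is what keeps an OTA update from touching the A9LH install. It also goes slightly beyond the exact case in the thread by catching writes that only straddle a region boundary. The byte offsets are assumptions taken from public descriptions of the 3DS NAND layout, the sample "update" is constructed, and the choice to report a dropped write as completed rather than failed is the model's own, not something the thread establishes about any real CFW.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed NAND byte offsets, taken from public 3DS NAND layout documentation;
 * treat them as assumptions of this model rather than measured values. */
#define NAND_SECTOR_SIZE 0x200u
#define A9LH_SECTOR      0x96u
#define A9LH_OFFSET      (A9LH_SECTOR * NAND_SECTOR_SIZE)   /* 0x12C00 */
#define FIRM0_OFFSET     0x0B130000u
#define FIRM1_OFFSET     0x0B530000u
#define FIRM_SIZE        0x00400000u

typedef struct {
    uint32_t start;
    uint32_t len;
    const char *name;
} region_t;

/* Regions the modelled CFW refuses to let the running OS (and therefore an
 * OTA updater) overwrite: the A9LH sector plus both FIRM partitions. */
static const region_t protected_regions[] = {
    { A9LH_OFFSET,  NAND_SECTOR_SIZE, "sector 0x96 (A9LH)" },
    { FIRM0_OFFSET, FIRM_SIZE,        "FIRM0" },
    { FIRM1_OFFSET, FIRM_SIZE,        "FIRM1" },
};

/* Half-open interval overlap in 64-bit arithmetic, so offset+length cannot
 * wrap around 32 bits and land below a region's start. */
static bool overlaps(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    return a < b + blen && b < a + alen;
}

/* Name of the first protected region a write of `length` bytes at `offset`
 * would touch, or NULL when the write is allowed. A zero-length write
 * touches nothing. */
const char *nand_write_blocked_by(uint32_t offset, uint32_t length)
{
    if (length == 0)
        return NULL;
    for (size_t i = 0; i < sizeof protected_regions / sizeof protected_regions[0]; i++)
        if (overlaps(offset, length, protected_regions[i].start, protected_regions[i].len))
            return protected_regions[i].name;
    return NULL;
}

typedef struct {
    uint32_t offset;
    uint32_t length;
} nand_write_t;

/* Replays a list of writes through the filter. Blocked writes are dropped but
 * still reported to the caller as completed (this model's choice: a naive
 * updater then carries on instead of aborting). Returns how many were dropped. */
unsigned replay_update_writes(const nand_write_t *writes, size_t count)
{
    unsigned dropped = 0;
    for (size_t i = 0; i < count; i++) {
        const char *why = nand_write_blocked_by(writes[i].offset, writes[i].length);
        if (why) {
            dropped++;
            printf("DROP  0x%08X+0x%X  (%s)\n", writes[i].offset, writes[i].length, why);
        } else {
            printf("WRITE 0x%08X+0x%X\n", writes[i].offset, writes[i].length);
        }
    }
    return dropped;
}

/* Constructed sample "update" touching the A9LH sector, the last sector of
 * FIRM0 and the first CTRNAND sector past FIRM1; only the last should go through. */
static const nand_write_t sample_update[] = {
    { A9LH_OFFSET,                      NAND_SECTOR_SIZE },
    { FIRM0_OFFSET + FIRM_SIZE - 0x200, 0x200 },
    { FIRM1_OFFSET + FIRM_SIZE,         0x200 },
};

unsigned run_sample_update(void)
{
    return replay_update_writes(sample_update, sizeof sample_update / sizeof sample_update[0]);
}

int main(void)
{
    unsigned dropped = run_sample_update();
    printf("%u of %zu writes dropped\n", dropped, sizeof sample_update / sizeof sample_update[0]);
    return 0;
}
```

    The filter only works because it runs underneath the OS that issues the writes, which is the "early boot control" point made earlier in the thread; if the same check lived inside the OS being updated, the update could simply replace it.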
     
  21. apoptygma (OP)
    I think you might have answered my question here, actually: so depending on the CFW, it's likely that the CFW will protect the A9LH install. That makes lots of sense. So in theory, if Nintendo attempted to remove the modifications, the read-only lock in place would halt the upgrade.

    An update running without the protections in place on the CFW - thanks for the good answer.
     